item_policy_spec.rb 1.5 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. describe Checklist::ItemPolicy do
  4. subject(:policy) { described_class.new(user, record) }
  5. let(:record) { build(:checklist_item, checklist: build(:checklist, ticket: ticket)) }
  6. let(:ticket) { create(:ticket) }
  7. let(:group) { ticket.group }
  8. let(:user) { create(:agent, groups: [group]) }
  9. context 'when user does not have access to the ticket' do
  10. let(:user) { create(:agent) }
  11. it { is_expected.to forbid_actions(:show, :create, :update, :destroy) }
  12. end
  13. context 'when user has read access to the ticket' do
  14. let(:user) { create(:agent) }
  15. before { user.user_groups.create! group: ticket.group, access: 'read' }
  16. it { is_expected.to forbid_actions(:create, :update, :destroy) }
  17. it { is_expected.to permit_actions(:show) }
  18. end
  19. context 'when user has full access to the ticket' do
  20. let(:user) { create(:agent, groups: [ticket.group]) }
  21. it { is_expected.to permit_actions(:show, :create, :update, :destroy) }
  22. context 'when checklist feature is disabled' do
  23. before do
  24. Setting.set('checklist', false)
  25. end
  26. it { is_expected.to forbid_actions(:show, :create, :update, :destroy) }
  27. end
  28. end
  29. context 'when user has access to the ticket by having customer access' do
  30. let(:user) { create(:customer) }
  31. before { ticket.update! customer: user }
  32. it { is_expected.to forbid_actions(:show, :create, :update, :destroy) }
  33. end
  34. end